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DETAILED ACTION 

The instant application having Application No. 10/534,855 is presented for 
examination by the examiner. Claims 45-85 are remaining for examination. 

Applicant's arguments filed 12/05/08 have been fully considered but they are not 
persuasive. Specifically Applicant has alleged that the cited prior art does not teach (i) 
initializing a state with a sound value, (ii) changing a states to an unsound value, and 
(iii) a set of behavioral rules from the standpoint of the operation and security side. 
Examiner respectfully disagrees. Examiner finds statements alleging that the prior art 
fails to disclose a limitation "in the meaning of the claimed invention" as an improper 
narrow interpretation based on not limitations found in the claims but rather imposed 
limitations from the specification. Imposing narrow interpretations of claimed limitations 
based on the specification's limitation is not proper. If it is intended that a claim be 
narrowly interpreted in such a way, those limitations need to be added into the claims 
themselves. Examiner has interpreted the claims as broadly as possible based on the 
each and every word found in the claims. 

As per allegation (i) above, Sung-Do Chi et al., hereinafter Sung, discloses on 
page 322 a basis for which his system expounds from. Sung teaches an intrusion 
model can be classified with four states, cool, warm, hot, and cool down. Here, Sung 
introduces the concept of assigning states to components within the system. Sung 
goes on to teach about transitions which dictate state changes (pg. 323). These 
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transitions, also referred to as phases, are analogous to the states of the claimed 
invention. Sung does not explicitly teach each component being initialized to a state but 
that is obvious in view of Apostal. Sung does teach that initial conditions for simulation 
can be setup for each node (pg. 331). Apostal teaches each component of a network 
analyzer is maintained, thus each phase must inherently have a first state. The word 
sound in the claim can be broadly interpreted as meaning valid, proper, or safe as an 
example. 

As per allegation (ii), in Fig. 5, Sung explicitly shows each component, attacker, 
and analyzer has transition functions. These 'phases' [states], such as passive or busy, 
are equivalent to a sound states. In other words a passive state or busy state is an 
acceptable or valid state to be in. Applicant has argued that the "state" in Sung relates 
not to a condition but rather a detail of the component. Examiner disagrees with this 
analysis of Sung. Sung discloses on page 325 that the state variables are service 
type, H/W type, and O/S type. These are variables of the states, not the states 
themselves. The states are listed in the Fig. 5 as phases such as passive or busy. 
With respect to changing to an unsound state, there are Examiner finds two similar 
interpretations of Sung which meet this limitation. First, in the context of Fig 5, 
specifically when dealing with running the simulation, if a phase is not in the expected 
phase, it could be considered that an attack has altered the "state" of the system and 
therefore the state is unsound or invalid. This interpretation is in alignment with the 
foundation Sung set forth with states of the system being hot, cool, and warm, etc. 
Second, Sung also teaches each node [component] can be attributed a vulnerability 
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value. The vulnerability value represents the total number of attacks and successful 
attacks on each node. It can be readily seen that a relatively high vulnerability value 
would constitute an unsound value of the state of that node (pg 331 ). In this 
interpretation state is not just the phase but the overall condition of the node. 

As per allegation (iii), Examiner finds support for this limitation on page 325. 
Behavioral rules can be interpreted as how something is supposed to behave given a 
particular stimulus. This is equivalent to the consequence of a given input. Sung 
teaches this on page 325 as monitoring is running (consequence). The system is setup 
knowing how the network should react to a given input. Through monitoring and 
analyzes, Sung teaches covering two aspects of the behavioral rules. The first aspect 
is analogous to the claims operation of the system limitation. In particular, Sung 
teaches that components are governed by phase transitions. These phases dictate the 
operation of system. If one of those operations is broken, the second aspect is 
prevalent. The system analyzes the vulnerability of the nodes. This is analogous to the 
security standpoint of the system. The idea meets the (iii) limitation of the claim. 



Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, 
subject to the conditions and requirements of this title. 
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Claims 45-82 are rejected under 35 U.S.C. 101 based on Supreme Court 
precedent and recent Federal Circuit decisions, a 35 U.S.C § 101 process must (1) be 
tied to a particular machine or (2) transform underlying subject matter (such as an 
article or materials) to a different state or thing. In re Bilski et al, 88 USPQ 2d 1385 
CAFC (2008); Diamond v. Diehr, 450 U.S. 175, 184 (1981); Parker v. Flook, 437 U.S. 
584, 588 n.9 (1978); Gottschalk v. Benson, 409 U.S. 63, 70 (1972); Cochrane v. 
Deener, 94 U.S. 780,787-88 (1876). 

An example of a method claim that would not qualify as a statutory process 
would be a claim that recited purely mental steps. Thus, to qualify as a § 101 statutory 
process, the claim should positively recite the particular machine to which it is tied, for 
example by identifying the apparatus that accomplishes the method steps, or positively 
recite the subject matter that is being transformed, for example by identifying the 
material that is being changed to a different state. 

Here, applicant's method steps are not tied to a particular machine and do not 
perform a transformation. Thus, the claims are non-statutory. 

The mere recitation of the machine in the preamble with an absence of a 
machine in the body of the claim fails to make the claim statutory under 35 USC 1 01 . 
Note the Board of Patent Appeals Informative Opinion Ex parte Langemyer et al. 



Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 
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The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 45-85 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

As per claims 45 and 83, "the one hand", "the specification", the architecture", 
"the system", "the other hand", "the operation", "the standpoint", "the component", and 
"the simulation" all lack antecedent basis. A set of components is defined but then a 
reference to said component is made. This should recite said set of components. 
Further problems arise when a component or the component is referenced. 

The phrase "and/or" is indefinite because of its dual meaning of alternative or 
additional. This claim is very difficult to determine the scope due to all of these 
problems. The dependent claims should also be checked to make sure the antecedent 
bases are all definitive. The dependent claims are likewise rejected for at least the 
same reason as claims 45 and 83. Appropriate correction is required. 

As per claim 46, the phrase "may also be" renders the claim indefinite. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 
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Claims 45-48, 52, 53, 55, and 83 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sung et al. in view of Apostal D et al. 

With respect to claim 45, Sung teaches the limitation of a "modeling phase, 
comprising on the one hand the specification of the architecture of the information 
system with a graphical representation of a set of components of the system and 
relations between said components, each component being associated with at least one 
state initialized with a sound value, the relations between two determined components 
comprising propagation relations able to convey attacks, and on the other hand the 
specification of a set of behavioral rules, from the standpoint of the operation of the 
system and from the standpoint of security, associated with the components of the 
system, each behavioral rule comprising one or more predicates and/or one or more 
actions" (page 321 , lines 10-18) as the network security modeling and cyber attack 
simulation employing the advanced modeling and simulation concepts that supports a 
hierarchical and modular modeling environment, which (page 323, lines 7-14) consists 
of a system entity structure (SES) and model base (MB). The SES represents the 
knowledge of decompositions, taxonomies, coupling specification and constraints. The 
model base contains models that are procedural in character, expressed in discrete 
event system specification formalism. Furthermore (page 325, lines 18-20) dynamics of 
the component models can be represented in various ways according to their respective 
state variables. Finally, Sung discloses the graphical representation (Fig. 8; page 331, 
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lines 1-8) as SECUSIM system where users can set up initial conditions for simulation 
by using windows of each node. 

In addition, Sung discloses the limitation of "a simulation phase, comprising the 
specification and the simulation of potential attacks against the information system, a 
successful attack causing a state of a component to pass to an unsound value" (page 
327, lines 10-12) as the attacker model outputs a sequence of attacking commands 
according to its attacking scenario and (page 327, lines 19-23) he analyzer model can 
determine the number of successful attacks. 

It is noted, however, that Sung does not explicitly teach the limitation of "each 
component being associated with at least one state initialized with a sound value." 

On the other hand, Apostal teaches the abovementioned limitation (page 218, 
right column, lines 23-25) as the server allows client to view the state of nodes and 
resources. 

It would have been obvious to one of the ordinary skill in the art at the time of the 
invention to incorporate teachings of Apostal into the system of Sung to provide means 
for storing additional information about the network and its components. 

With respect to claim 46, Sung teaches the limitation of "a name [service type] 
being associated with each component one or more adjectives [execution of each 
phrase] may also be associated with said component, which adjectives make it possible 
to designate said component without naming it" (pg. 326, Fig 5). 
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With respect to claim 47, Sung teaches the limitation of "determined states are 
associated with each component of the information system, each state being able to 
take a sound value [phases] and one or more unsound values" (pg. 326, Fig 5) as the 
server allows client to view the state of nodes and resources and (pg 331 ). 

With respect to claim 48, Sung teaches the limitation of "certain at least of said 
states pertain respectively to the activity, the confidentiality, the integrity and/or the 
availability of the component with which they are associated" (pg 326, Fig. 5). 

With respect to claim 52, Sung teaches the limitation of "the relations between 
any two determined components comprise service relations making it possible to 
designate a component on the basis of another component" (page 325, lines 1 7-20) as 
network component model comprises various services such as Telnet, Email, Ftp, Web, 
and Packet Filtering. The dynamics of these component models can be represented in 
various ways according to their respective stated variables. 

With respect to claim 53, Sung teaches the limitation of "the behavioral rules 
comprise rules for propagating attacks, these rules being for example implemented in 
components which are vectors of attacks, and rules for absorbing attacks, these rules 
being for example implemented in components which are the target of attacks" (page 
327, lines 10-12) as the attacker model outputs a sequence of attacking commands 
according to its attacking scenarios. 
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With respect to claim 55, Apostal teaches the limitation of "at the end of the 
modeling phase, the construction of a local routing table, making it possible to direct an 
attack from a start component to a finish component" (page 216, right column, lines 26- 
29) as map table that holds locations and size information for elements (nodes and 
network segments) that are drawn on the network map. 

With respect to independent claim 83, it is rejected in view of the same reasons 
as stated in the rejection of independent claim 45. 

Claims 49-51 and 54 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Sung et al. "Network security modeling and cyber attack simulation methodology." 
Information Security and Privacy. 6 th Australian Conference, ACISP 2001 , 07/1 1/01 , 
pages 320-333 in view of Apostal D et al "Checkmate network security modeling." 
Proceedings DARPA Information Survivability Conference and Exposition II. 06/12/01, 
pages 214-226, vol. 1 as applied to claim 45, and further in view of Ritchey at al. "Using 
model checking to analyze vulnerabilities." Proceedings of the 2000 IEEE Symposium 
on Security and Privacy. 05/14-17/2000, pages 156-165. 

With respect to claim 49, it is noted that neither Sung nor Apostal explicitly teach 
the limitation of "an alleged name may be associated with any determined component, 
in particular in the case where said determined component is a usurper." 
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On the other hand, Ritchey teaches the abovementioned limitation (page 162, left 
column, lines 43-46) as Hostid is sequentially assigned to each host and is used to 
index into the row and column of the connectivity matrix. The attacker is assigned 
hosted one, so the Hostid numbering starts at two. 

It would have been obvious to one of the ordinary skill in the art at the time of the 
invention to incorporate teachings of Ritchey into the system of Sung and Apostal to 
provide a straight-forward method of determining whether a host can communicate with 
another host. 



With respect to claim 50, Ritchey teaches the limitation of "a link to another 
component may be associated with any determined component, in particular in the case 
where said determined component is usurped and where said other component is a 
usurper" (page 162, right column, lines 36-41) as the connectivity matrix is used to 
determine whether a host can communicate with another host. The host ids for the 
source and destination hosts are used to index into the row and column of the matrix to 
determine if communication is possible. 



With respect to claim 51 , Ritchey teaches the limitation of "the propagation 
relations are bidirectional relations able to convey attacks in both directions" (page 160, 
right column, lines 34-40) as in our SMV example we have modeled connectivity with a 
Boolean matrix that has the distinct disadvantage of not allowing our model to describe 
partial connectivity. This choice was made to simplify the example. It would be an easy 
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task to add a richer connectivity description to our method that includes common 
network connectivity details such as port numbers. 

With respect to claim 54, it is noted that neither Sung nor Apostal explicitly teach 
the limitation of "the behavioral rules comprise binary rules, for example Boolean logic 
conditions giving a value of type yes/no, and/or functional rules, for example logic 
conditions involving a routing action (for a propagation rule) or contagion action (for an 
absorption rule)." 

On the other hand, Ritchey teaches the abovementioned limitation (page 163, left 
column, lines 11-13) as an exploit is described by a case statement that determines 
whether all of the prerequisites for the exploit have been met. 

It would have been obvious to one of the ordinary skill in the art at the time of the 
invention to incorporate teachings of Ritchey into the system of Sung and Apostal to 
provide a better way to determine the severity and probability of the system's exploits. 

Claims 56, 57, 59-61 , 67-69, 71-73, 84, and 85 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Sung et al. "Network security modeling and 
cyber attack simulation methodology." Information Security and Privacy. 6 th Australian 
Conference, ACISP 2001, 07/1 1/01 , pages 320-333 in view of Apostal D et al 
"Checkmate network security modeling." Proceedings DARPA Information Survivability 
Conference and Exposition II. 06/12/01, pages 214-226, vol. 1 as applied to claim 55 
above, and further in view of Gupta et al. (US 7,289,456 B2). 
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It is noted that neither Sung nor Apostal teach the limitation of "the local routing 
table is generated automatically according to the principle of the shortest path between 
the start component and the finish component." 

On the other hand, Gupta teaches the abovementioned limitation (column 13, 
lines 47-59) as the routing engine will determine multiple paths between the two routing 
nodes. Specifically, the routing engine may determine a shortest path and one or more 
alternate shortest paths (i.e., a second, third, etc. alternate shortest path), using for 
example, the Dijkstra Algorithm. The former determination can be performed by first 
determining a shortest path to the destination node and by then determining alternate 
shortest paths by determining a shortest path to each of the destination node's 
neighboring routing nodes. 

It would have been obvious to one of the ordinary skill in the art at the time of the 
invention to incorporate teachings of Gupta into the system of Sung and Apostal to 
provide more efficient network model. 

With respect to claim 57, Apostal teaches the limitation of "the attacks simulation 
step comprises the updating of the state of a component of the system altered by a 
successful attack" (page 220, lines 2-6) as the Checkmate server evaluates the attack 
action and applies the effects of that action to the model network. The possible effects 
of an attack action include changing the state of a node or protocol. 
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With respect to claims 59 and 60, Apostal teaches the limitations of "the attacks 
comprise elementary attacks corresponding to unsound state values" and "the attacks 
further comprise a special usurping attack" (page 219, left column, lines 9-13) as an 
attacker can send commands that simulate requests for service functionality, that 
change services or nodes, and that exploit vulnerabilities. 

With respect to claim 61 , Apostal teaches the limitation of "an attack is defined, in 
particular, by a type of attack, a type of protocol, and attack path elements" (page 218, 
left column, line 20 - right column, line 1) as each role has associated with it a number 
of characteristics including: a set of nodes to attack, a set of nodes to defend, a set of 
mission objectives, a set of initial resources, and a level of programming ability. 

With respect to claim 67, Sung teaches the limitation of "the attacks are defined 
in a language using the same words as a language in which the behavioral rules are 
defined" (page 325, lines 5-8) as the experimental frame concept may be suitably 
utilized to couple with a given network model, generates input external events (cyber 
attack commands), monitor its running (consequences), and process its output 
(vulnerability). 

With respect to claim 68, Sung teaches the limitation of "the modeling phase 
and/or the simulation phase are implemented by a user by means of a man/machine 
interface comprising a multiview functionality, wherein a graphical representation of the 
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system is presented to the user as several views" (page 331 , lines 1-8) as a network 
security simulation system where users can set up initial conditions for simulation by 
using windows of each node. The can also try to test various cases by attaching 
attacker and analyzer to any particular node. Procedures of simulation can be checked 
by the packet-based animation and more detailed procedures can be checked through 
given windows. 

With respect to claim 69, it is rejected in view of the same reasons as stated in 
the rejection of claim 68. 

With respect to claim 71 , it is noted that neither of Sung, Apostal, and Gupta 
teach the limitation of "the behavioral rules for the components belonging to a view do 
not call by name upon components belonging to another view." 

On the other hand, examiner takes the official notice that isolation of the 
elements is in the network system is not a novel concept and therefore, it would have 
been obvious to one of the ordinary skill in the art to provide no other ways for 
components to reference each other, other than through the information defined in the 
routing table controlled by the administrator to improve the security of the system. 

With respect to claims 72 and 73, they are rejected in view of the same reasons 
as stated in the rejection of claim 68. 
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With respect to claims 84 and 85, they are rejected in view of the reasons stated 
in the rejection of claim 68. 

Claim 58 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sung et 
al. "Network security modeling and cyber attack simulation methodology." Information 
Security and Privacy. 6 th Australian Conference, ACISP 2001, 07/11/01, pages 320-333, 
Apostal D et al "Checkmate network security modeling." Proceedings DARPA 
Information Survivability Conference and Exposition II. 06/12/01, pages 214-226, vol. 1, 
and Gupta et al. (US 7,289,456 B2) as applied to claim 57 above, and further in view of 
Dowd etal. (US 7,315,801 B1). 

With respect to claim 58, it is noted that neither of Sung, Apostal, or Gupta teach 
the limitation of "the simulation phase furthermore comprises the building of a file or 
journal of the attacks, containing the log of the changes of the state of the components 
consequent upon successful attacks, in particular to allow subsequent processing by a 
user." 

On the other hand, Dowd teaches the abovementioned limitation (column 14, 
lines 11-13) as the security modeling system includes a log or a recorder which allows 
the system to play back the moves of an attacker or defender or both. 

It would have been obvious to one of the ordinary skill in the art at the time of the 
invention to incorporate teachings of Dowd into the system of Sung, Apostal, and Gupta 
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because the system logs would provide the ability for the administrator to examine data 
retroactively. 

Claims 62-66 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sung et al. "Network security modeling and cyber attack simulation methodology." 
Information Security and Privacy. 6 th Australian Conference, ACISP 2001 , 07/1 1/01 , 
pages 320-333, Apostal D et al "Checkmate network security modeling." Proceedings 
DARPA Information Survivability Conference and Exposition II. 06/12/01, pages 214- 
226, vol. 1 , and Gupta et al. (US 7,289,456 B2) as applied to claim 61 above, and 
further in view of Cohen et al. (US 6,952,779 B1 ). 

With respect to claim 62, it is noted that neither of Sung, Apostal, or Gupta 
explicitly teach the limitation of "the attack path elements comprise a start component, a 
finish component, a target component, and as appropriate one or more intermediate 
components." 

On the other hand, Cohen teaches the abovementioned limitation (column 7, 
lines 1-2) as the system simulates attacks through the network topology from each start 
point to each end point. 

It would have been obvious to one of the ordinary skill in the art at the time of the 
invention to incorporate teachings of Malan into the system of Sung, Apostal, and Gupta 
to provide a better security by quickly and robustly correlating the statistics collected 
from the network to reconstruct the path of the attack. 
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With respect to claim 63-66, Cohen teaches the limitations of " the list of 
components already traversed by an attack is saved in one or more upstream stacks", 
"the upstream stacks comprise a stack containing the exhaustive list of all the 
components traversed, designated by their real name", "wherein the upstream stacks 
comprise a stack containing the list of only those components traversed which are 
opaque, designated by their real name or, as appropriate, by their alleged name", and 
"the list of destination components of an attack is saved in at least one downstream 
stack" (column 7, lines 25-35) as the attack simulation commences from a specified 
attack starting point. The system then loops through a moving front-line algorithm by 
repeatedly evaluating the constraints for every state/graph node that has not yet been 
reached. The moving front-line algorithm continues adding edges to new graph nodes 
until no more states/graph nodes can be reached at which point the process terminates. 

Claims 70 and 74-76 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Sung et al. "Network security modeling and cyber attack simulation methodology." 
Information Security and Privacy. 6 th Australian Conference, ACISP 2001 , 07/1 1/01 , 
pages 320-333 in view of Apostal D et al "Checkmate network security modeling." 
Proceedings DARPA Information Survivability Conference and Exposition II. 06/12/01, 
pages 214-226, vol. 1 and Gupta et al. (US 7,289,456 B2) as applied to claim 68 above, 
and further in view of Pitchaikani et al. (US 6,061 ,505). 
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With respect to claims 70, it is noted that neither of Sung, Apostal, and Gupta 
explicitly teach the limitation of "the function of interconnection between the components 
included in two distinct views is ensured only via the common component or the 
common components shared by the two views" (column 10, lines 48-54) as each view 
record of view records includes information about a given logical view, and is connected 
by a plurality of pointers to a plurality of view device records. Each view device record of 
view device records contains an index that indicates which device interface exists in a 
particular logical view. Furthermore, (column 1 1 , line 7) to represent this relationship 
between various views, a plurality of pointers associates each view record of view 
records that represents a view having a subview with the view records in view records 
which represent the one or more subviews. Where subview can be a view of the station 
alone. 

It would have been obvious to one of the ordinary skill in the art at the time of the 
invention to incorporate teachings of Pitchaikani into the system of Sung, Apostal, and 
Gupta to create a logical topology map of the network. 

With respect to claims 74 and 75, it is rejected in view of the same reasons as 
stated in the rejection of claim 70. 

With respect to claim 76, Pitchaikani teaches the limitation of "the modeling 
phase further comprises the specification of one or more basic metrics associated 
respectively with the components" (Table 5; column 1 1 , line 53 - column 1 2, line 5) as 
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database includes TopoMonitor records, polling records, location records, describe 
records, ExtView Info records, AppSpecificinfo records, Mgmt Addr records, etc. 

Claims 77-82 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sung et al. "Network security modeling and cyber attack simulation methodology." 
Information Security and Privacy. 6 th Australian Conference, ACISP 2001 , 07/1 1/01 , 
pages 320-333 in view of Apostal D et al "Checkmate network security modeling." 
Proceedings DARPA Information Survivability Conference and Exposition II. 06/12/01, 
pages 214-226, vol. 1 , Gupta et al. (US 7,289,456 B2), and Pitchaikani et al. (US 
6,061 ,505) as applied to claim 76 above, and further in view of Swiler et al. (US 
7,013,395 B1). 

With respect to claim 77, Sung teaches the limitation of "the basic metrics 
comprise a metric of effectiveness of parries, a metric of effectiveness of detection of 
attacks, and/or a metric of the means of an attacker" (page 327, lines 19-22) as the 
analyzer model is designed to gather the statistics and analyze the performance index 
such as the vulnerability of each component on given network. For the simulation 
convenience, we have defined the component vulnerability as the number of successful 
attacks divided by the total number of attempted attacks. 

In addition, Swiler further teaches the abovementioned limitation as (column 7, 
lines 7-1 1 ) as the attack template also contains an edge weight. When the template is 
instantiated, it returns a value that is the weight on the edge in the attack graph. The 
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value may represent time for the attack to succeed, cost to the attacker, etc., depending 
on which metric the user chooses. Furthermore, (column 9, lines 56-64) each node in 
the graph contains information about what user privileges the attacker has obtained, 
extra vulnerabilities not implied by the privilege level, and the shortest distance from the 
start to the current node. Distance, in this case relates to the edge weight functions in 
the attack templates and represents such considerations as estimated time, cost, 
degree of effort, and likelihood of detection of the attack. 

It would have been obvious to one of the ordinary skill in the art at the time of the 
invention to incorporate teachings of Swiler into the system of Sung, Apostal, Gupta, 
and Pitchaikani to provide the extensive view of the attack paths and advantages 
gained by the attacker. 

With respect to claims 78-82, they are rejected in view of the same reasons as 
stated in the rejection of claim 77. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/M. R. V./ 

Examiner, Art Unit 2431 
/Syed Zia/ 

Primary Examiner, Art Unit 2431 



